implementation of the revised eu payment services ... · implementation of the revised eu payment...
TRANSCRIPT
Implementation of the revised EU Payment Services Directive II:response to the consultation
July 2017
Implementation of the revised EU Payment Services Directive II:response the the consultation
July 2017
© Crown copyright 2017
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected].
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at www.gov.uk/government/publications
Any enquiries regarding this publication should be sent to us at [email protected]
ISBN 978-1-912225-05-7 PU2092
1
Contents Page
Chapter 1 Introduction 3
Chapter 2 The government's general approach to implementation 5
Chapter 3 Scope and definitions 7
Chapter 4 Authorisation, capital, safeguarding and prudential
requirements
11
Chapter 5 Transparency and information requirements 13
Chapter 6 Conduct of business rules 17
Chapter 7 Account Information Services and Payment Initiation Services 19
Chapter 8 Respondents to the consultation 25
3
1 Introduction
Background to the consultation
1.1 The second Payment Services Directive (PSDII) was approved by the European Parliament and
European Council in late 2015, and came into force on 13 January 2016. Market participants
will need to comply with the majority of the requirements set out in the legislation from 13
January 2018.
1.2 Most of the PSDII’s provisions are aimed at helping create a more integrated and efficient
European payments market, as well as protecting consumers by making payments safer and
more secure. By creating a new regulatory regime for third parties who wish to access bank
account information and make payments on behalf of clients, the PSDII also promises to provide
a stimulus to a range of new services that will benefit consumers in managing their finances,
and increase competition across financial services.
1.3 On 9 February 2017, the government published a consultation document, ‘Implementation of
the revised EU Payment Services Directive II’, as well as draft legislation. The consultation invited
responses on the government’s proposed approach to transposing this directive into UK law.
1.4 The government received over 85 formal responses to the consultation (this excludes several
hundred responses received from consumers on a single issue, referenced later on in this document).
Responses came primarily from banks, e-money providers, and payment institutions as well as
merchants, consultancies, and trade bodies. A full list of respondents can be found at Annex A.
1.5 This document summarises the content of these representations and sets out the
government’s response, indicating where the final policy has been adjusted to take respondents’
views into account. The government is grateful for all of the contributions made during the
consultation process.
Next steps
1.6 The government has published the final legislation alongside this summary of responses and
has today laid it in Parliament.
1.7 The Financial Conduct Authority (FCA) and Payment Systems Regulator (PSR) have recently
finished consulting on the necessary changes they will need to make to their guidance to
implement the PSDII,1 and will publish their final documents in Q3 this year.
1.8 Obligations relating to the European Banking Authority’s Regulatory Technical Standards on
strong customer authentication and secure communication will come into force 18 months after
it is published in the Official Journal of the European Union.
Exiting the EU
1.9 On 23 June, the EU referendum took place and the people of the United Kingdom voted to
leave the European Union. Until exit negotiations conclude, the UK remains a full member of the
European Union and all the rights and obligations of EU membership remain in force. During
this period the government will continue to negotiate, implement and apply EU legislation. The
outcome of these negotiations will determine what arrangements apply in relation to EU
legislation in future once the UK has left the EU.
1 https://www.fca.org.uk/firms/revised-payment-services-directive-psd2
5
2
The government's general approach to implementation
2.1 This chapter of the consultation invited views on whether government’s broad approach to
transposition is appropriate.
Question 1. Do you agree with the government’s proposed approach to implementation of the
PSDII? Bearing in mind the maximum harmonising nature of the PSDII, do you think the
structure of the regulatory regime will allow the UK’s competent authorities to enforce the
regulations in a fair and equal way towards all payment service providers?
2.2 Respondents who answered this question generally agreed with the government’s proposed
approach to copying out the directive, while looking to take advantage of derogations, and
ensuring that the exemptions from the Payment Services Directive (PSDI) carry across to the PSDII
where appropriate. Many respondents noted that this approach would provide benefits to
businesses and consumers, while reducing costs.
2.3 On the ability of the UK authorities to enforce the regulations, a number of respondents
were concerned that the Financial Conduct Authority (FCA) do not have broad enough powers
to regulate specific areas effectively.
Further comments
2.4 Several respondents asked the Treasury to align the implementation of the PSDII with the work
of the Open Banking Implementation Entity (OBIE), noting the similarities between the two.
2.5 The government also received several hundred responses from consumers regarding
transparency in foreign exchange, calling for firms to display the amount of money they are
making from the exchange rate.
Government response
2.6 The government considers it appropriate to maintain its proposed approach to
implementing the PSDII: copying-out the directive, while looking to take advantage of
derogations, and ensuring that the exemptions from the PSDI carry across to the PSDII, where
appropriate. This will help to minimise the impacts on affected businesses, while ensuring that
consumers benefit from the protections and rights that the PSDII puts in place.
2.7 In response to the concerns of some respondents to the consultation about the FCA needing
more powers, the government has examined the case for extending the FCA’s existing powers to
make conduct rules for firms regulated under the Financial Services and Markets Act (FSMA) to
firms regulated under the PSDII and the E-money Directive (EMDII). The government has
concluded that there is merit in extending the FCA’s rule-making powers to enable the regulator
to combat poor practice among firms regulated under these two directives, protecting consumers,
and ensuring that all firms providing payment services can be held to the same standard.
2.8 The government welcomes the additional comments of respondents, including on the
importance of aligning the implementation of the PSDII with the work of the OBIE. The
6
government is working closely with the OBIE and its Implementation Trustee to ensure the
successful rollout of Open Banking and the PSDII from January 2018.
2.9 The government has also explored the issue, raised by several hundred responses to the
consultation, on the transparency of overseas money transfer fees. The directive requires firms to
be transparent about any fees for overseas money transfer and the exchange rate that
businesses and consumers are provided with. These provisions are replicated in the Regulations.
Although the government can see the benefits of requiring even greater transparency (by
making firms display the amount of money that they are making from the exchange rate they
offer), implementing such a provision would be gold plating the directive. In line with the
government’s policy not to gold-plate wherever possible, the government will implement the
explicit disclosure requirements as set out in Title III of the directive. The government notes,
however, that recital (84) of the directive emphasises the need for price transparency, and
expects firms to bear this in mind when disclosing information to customers.
Question 2. A consultation stage impact assessment of the proposed changes will be published
before the end of the consultation. Do you have any comments on the impact of the PSDII set
out in the impact assessment?
2.10 The majority of respondents who answered this question agreed overall with the impact of
the PSDII, as set out in the consultation stage impact assessment.
2.11 However, several respondents to this question thought that the impact assessment under-
estimated the legal and compliance costs. The cost to telecommunications providers of building
a platform to track customer expenditure (needed to take advantage of the electronic
communications network exemption was also highlighted.
Government response
2.12 The government has used the estimates provided by industry (both quantitative and
qualitative) to inform its final policy positions and impact assessment. A final impact assessment
will be published in due course.
7
3 Scope and definitions 3.1 This chapter of the consultation invited views on the types of providers and activities covered
by the PSDII and its exemptions, as well as the definition of relevant terms.
Q3. Do you agree that the government should continue to exempt the institutions listed above
(National Savings Bank (NS&I), credit unions, and municipal banks) from the PSDII?
Q9. Do you agree with the approach to continue to exercise the Small Payment Institution (SPI)
exemption, with the same conditions as under the PSDI?
3.2 The majority of those who responded to this question agreed with the government’s
proposed approach of continuing to exempt NS&I, credit unions, and municipal banks from the
PSDII, and continuing to exercise the SPI exemption with the same conditions as under the PSDI.
The vast majority of respondents thought these exemptions are proportionate, and that they
have not led to any problems.
3.3 In the case of credit unions, a number of respondents also noted their importance in
providing banking services to vulnerable customers, and argued that without an exemption
credit unions would not be able to perform this work as effectively.
3.4 However, some respondents disagreed with the government’s approach, stating that there
should be a level playing field across all payment service providers (PSPs).
Further comments
3.5 The consultation document was clear that the government had no plans to extend the
provisions under the directive to cheques. Respondents offered a range of views on this subject
with some in agreement, while others thought that the matter should be re-examined once
cheque imaging has bedded in.
Government response
3.6 Recognising the potentially significant business impacts of bringing the institutions listed
above into regulation, the government considers it appropriate and proportionate to maintain
the exemption for these institutions. The government also intends to continue exercising the SPI
exemption with the same conditions as under the PSDI.
3.7 In line with Article 3(g) of the directive, cheques will remain out of scope of the PSDII and
the PSRs.
Q4. If you intend to make use of the electronic communications networks and services
exemption, how do you intend to track the €50 and €300 spending limits?
3.8 No respondents raised any concerns with the €50 exemption limit for individual
transactions. However, the majority of those who responded noted concerns regarding a firms’
ability to track the monthly €300 spending limit for subscribers, and the costs that would be
involved in building a system capable of doing so.
Further comments
3.9 One respondent suggested that the limits should not apply to business-to-business
telecommunications providers, fearing that the monthly limit of €300 per “subscriber” would
apply to the business as a whole rather than individual employees of that business.
8
Government response
3.10 The government has noted the concerns of industry regarding the potential costs of
building systems for tracking these exemption limits, which are specified in the directive.
3.11 Firms looking to benefit from the exemption will be required to submit an audit report at
the end of each year regarding compliance with the exemption limits. The precise form of this
audit report was consulted on by the FCA,1 and will be finalised in due course.
3.12 The government will also set out in the regulations (based on the Bank of England spot
rate) the limits in sterling as opposed to euros. This is in line with other consumer-facing pieces
of legislation, such as the Consumer Credit Act, and will help to ensure that the limits are clear
for consumers.
3.13 The government has worked with the FCA regarding the term “subscriber” and its applicability
to telecommunications providers. The FCA will set this out in their Approach Document.
Q5. Is the approach on cascading useful to intermediaries given the limits on the exemption and
the potential need for authorisation or registration for other services provided? What types of
business models would benefit?
3.14 The majority of respondents supported the government’s proposal to cascade the
electronic communications network and services exemption to include intermediaries that
facilitate the transfer of money to merchants (with some respondents emphasising the particular
importance of this).
3.15 However, a number of respondents noted that some firms benefitting from the cascade may
need authorisation under a different part of PSDII, if they are also providing other payment services.
3.16 Those respondents who disagreed with the approach did so for a number of reasons,
including the potential for risk to be concentrated through some intermediaries.
Further comments
3.17 Several respondents noted that the responsibility for tracking spending limits should rest
with the service provider. It was also noted that cascading the exemption would be broadly
consistent with Phone-paid Services Authority (PSA) regulation.
Government response
3.18 Given the vital role that intermediaries play in the function of electronic communications
networks and services, the government considers it appropriate to cascade the electronic
communications network and services exemption to intermediaries, specifically for services
undertaken on those networks. If an intermediary is providing other payment services, then they
will need to be registered or authorised.
3.19 The government recognises the concerns with this approach (such as that these firms do
not have to safeguard client funds) and has worked closely with the PSA and OfCom to assess
the extent to which these are problems. Following these discussions, it is the government’s view
that the existing safeguards help to mitigate much of the risk.
3.20 The FCA will seek to update their guidance and approach to the monitoring of spending
limits and annual audit reports for firms benefitting from the cascade.
1 https://www.fca.org.uk/publications/consultation-papers/implementation-revised-payment-services-directive-psd2-cp17-11
9
Q6. Do you agree with the government’s interpretation of the limited network and commercial
agent exemptions? Which business models do you think may now be brought into scope that
were previously exempt?
3.21 The majority of respondents raised concerns that the government’s interpretation of the
limited network and commercial agent exemptions did not give sufficient clarity as to which
businesses were in and out of scope.
3.22 Limited network exemption: A number of respondents also set out their view that cards or
products which are limited to specific geographical locations or specific networks of retailers
(such as gift cards) should be within the scope of the exemption.
3.23 Commercial agent exemption: All those respondents that commented agreed with the
government’s expectation that a number of businesses using ‘platforms’ (such as Virgin Money
Giving) would not benefit from the new exemption and would be in scope of the PSDII.
However, there was no uniform view on exactly which ‘platform’ business models will be in
scope or the impact that would have.
Further comments
3.24 Three respondents raised concerns regarding the notification requirements for services
which fall under the limited network exemption, arguing that they would be burdensome.
Government response
3.25 The government welcomes the views of industry and recognises the desire for clarity over
which business models will be within the scope of the limited network and commercial agent
exemptions set out in the directive.
3.26 Whether a firm is within the scope of these exemptions is dependent on the precise
business model. If firms think that they may be able to benefit from the exemption, or are
concerned that they may be brought into regulation due to the narrowing of the exemptions,
they should discuss this with an independent advisor and if necessary consult the FCA.
11
4
Authorisation, capital, safeguarding and prudential requirements
4.1 This chapter of the consultation invited views on accessing payment systems and payment
account services, as well as the minimum registration requirements for firms eligible to have all
or part of the prudential authorisation regime waived.
Q7. Do you agree with the proposed change to safeguarding to ensure funds can be deposited
with the Bank of England?
4.2 The overwhelming majority of those who responded to this question agreed with the
government’s proposed change to ensure suitable payment institutions can deposit funds with
the Bank of England (“the Bank”) to facilitate direct access to payment systems, with many
noting its benefits for competition in the sector. However, alongside this general support was a
request for more clarity from the Bank on how it will work in practice.
Government response
4.3 The government has worked with the Bank and the FCA on provisions that will enable non-
bank payment service providers (PSPs) to effectively safeguard client funds in a settlement
account with the Bank.
4.4 The Bank will set out more detail on how non-bank PSPs can hold a settlement account with
the Bank, and safeguard funds there, in due course. Their intention is for firms to be able to
start applying for accounts from Q1 2018, with the first non-bank going live in the Bank’s Real
Time Gross Settlement (RTGS) system later in 2018.
Q8. Do you agree with the government’s proposed approach to access to payment systems and
payment account services?
4.5 The majority of respondents who answered this question were supportive of the
government’s proposed approach overall, particularly with regard to access to payment systems
(credit institutions will be required to ensure they are providing their services on a proportionate,
objective, and non-discriminatory basis). However, respondents also highlighted concerns
regarding access to payment account services. Specifically, a number of respondents stated that
credit institutions should publish objective requirements for allowing access to payment
accounts in the interest of transparency.
4.6 Two respondents disagreed with the approach on the basis that they do not believe that the
regulators – both the PSR and the FCA – will be able to enforce the requirements on credit
institutions effectively. Other respondents agreed with the government’s approach, but
highlighted the key role that the regulators will have to play.
Further comments
4.7 Several respondents suggested specific actions that the regulators could take in this area,
including publishing guidance and regular reports, and ensuring there is a mechanism for
12
dispute resolution, with either an independent arbiter or one of the regulators acting as arbiter,
where a firm is not granted access to one of these services.
4.8 One respondent questioned why it is the government’s intention to bring securities
settlement systems into scope.
Government response
4.9 The government intends to maintain its approach to access to payment systems and
payment account services. Following our consultation, the FCA and PSR published their draft
approach documents, which set out in further detail how the regulators would monitor and
ensure fair access to payment systems and payment accounts. The government recognises some
respondents’ desire to have a form of dispute resolution, but notes that the PSDII does not
provide for any such formal dispute resolution process in this context.
4.10 With regard to payment account services, credit institutions must report instances where
they do not provide access to the FCA. The FCA’s and PSR’s draft Approach Documents set out
their expectations concerning these notifications and credit institutions providing objective, non-
discriminatory and proportionate access, and some of the questions they may ask of credit
institutions to further assess whether this requirement is met.
4.11 The government can also clarify that it is not our intention to bring securities settlement
systems into scope. Securities systems are only in scope of the access requirements to the extent
that they are also a payment system which processes transactions that are not excluded by
Article 3(i) of PSDII.
13
5 Transparency and information requirements
5.1 This chapter of the consultation invited views on the provision of information to consumers
and micro-enterprises, alignment of PSDII with the Consumer Credit Act (CCA), and the
domestic thresholds for low-value payment instruments.
Q10. Do you agree that the government should extend the right of termination to overdrawn
current accounts?
5.2 The majority of respondents to this question disagreed with extending the customer’s right
of termination to overdrawn current accounts. Those who were in favour noted that it reflects
current arrangements in the Current Account Switching Service (CASS).
5.3 Some respondents who disagreed had concerns regarding the cost of debt collection when
relying on contractual rights to recover debt once a contract has been terminated, and thought
such arrangements could lead to confusion, with consumers thinking that they could terminate
an agreement and leave their debt behind.
Further comments
5.4 Respondents also had concerns that the implementation of the PSDII is not the appropriate place
to make this change, as well as raising concerns that other proposals in the regulations, which
sought to clarify the relationship between the PSDII and the CCA would lead to confusion.
Government response
5.5 The government welcomes the feedback it received from industry on this question, and
following further engagement with industry and CASS, has concluded that the market is
working sufficiently well regarding the termination of overdrawn current accounts and that
there is no need for an explicit right of termination at this point in time.
5.6 In response to feedback from respondents, the government has also decided to limit the
extent of other proposals which seek to clarify the relationship between the PSDII and the CCA,
but to proceed with those on information and transparency requirements, bearing in mind the
need to ensure compatibility with the PSDII.
Q11. Do you agree that the Title III provisions should continue to apply to transactions involving
micro-enterprises in the same way as those involving consumers?
5.7 Respondents to this question almost unanimously agreed that the Title III provisions should
continue to apply to transactions involving micro-enterprises, noting that this affords the
smallest businesses with an appropriate degree of protection and access to payment methods.
5.8 Those respondents who disagreed argued that contracts between micro-enterprises and
PSPs are contracts between businesses and so Title III provisions should not apply.
Further comments
5.9 One respondent noted that they were not clear on whether the provisions in Title IV would
be applied in the same way to micro-enterprises or consumers.
14
Government response
5.10 As under PSDI (and in line with responses to the consultation), the government will continue to
apply both Title III and Title IV provisions to micro-enterprises, in the same way as to consumers.
Q12 and Q16. Do you agree with the government’s proposal to maintain the thresholds set for low-
value payment instruments in the PSRs (for both domestic and cross-border low-value instruments)?
5.11 Respondents to these questions almost unanimously agreed with the government’s
proposal to maintain the thresholds, noting that it is key to the UK’s e-money dominance and
would be welcomed by industry. Respondents noted that for cross-border low-value payment
instruments, consistency with other member states is preferable.
5.12 A small minority of respondents argued for variations of the thresholds. One thought that
the €60 individual transaction limit is too low, another argued that the threshold be set at the
domestic limits for contactless card-based transactions, with another arguing PSPs should be
free to choose the limits they set for cross-border instruments.
Government response
5.13 In line with the views of the vast majority of respondents, the government intends to
maintain the thresholds for low-value payment instruments in the PSRs at:
domestic: €60 for a single transaction, €300 total spending limit, and €500 total
stored value limit
cross-border: €30 for a single transaction, €150 total spending limit, and €250
total stored value limit
Q13. Do you think PSPs should be required to provide monthly statements to payers and payees?
5.14 Although the majority of respondents argued that PSPs should not be required to provide
monthly statements, there was no support for the default in the directive of transaction-by-
transaction reporting.
5.15 Respondents also noted that there are different types of PSP, and questioned whether all
PSPs should be required to provide monthly statements. Finally, some respondents raised
concerns about different types of account, and whether it was proportionate to require monthly
statements for all accounts – particularly savings accounts.
Government response
5.16 The FCA set out more detail on the options allowed by the directive in their consultation.
5.17 The government has also engaged further with industry to reach a common understanding
that the default option in the directive is for transaction-by-transaction notifications unless
customers choose otherwise.
5.18 In light of this common understanding, industry now broadly supports the government
exercising the member state option to require monthly statements, but allowing for some
consumer choice.
5.19 The government therefore intends to mandate that customers are provided with a monthly
statement on a durable medium, thereby avoiding the default scenario of transaction-by-
transaction notifications.
5.20 The government also recognises that this may not be how individuals wish to receive
information on their payment transactions. The government therefore intends to also allow PSPs
15
to include in their framework contracts a clause which enables consumers to choose whether
they wish to change how they receive their statement. Customers will have the choice over
whether they wish to have the statement actively provided or just made available on request,
whether they wish to receive it in an alternative manner which allows the information to be
stored and reproduced, and whether they wish to receive it more frequently than monthly.
5.21 The government can also confirm that where there are no transactions on an account (as is
the case for many savings accounts) during a month, there will be no need to provide the user
with a statement.
17
6 Conduct of business rules
6.1 This chapter of the consultation invited views on how firms should go about conducting
their business, with questions specifically on the coverage of the Financial Ombudsman Service
(FOS), the extent of the surcharging prohibition, and the limits for cross-border low-value
payment instruments.
Q14. Do you agree with the government’s proposal to provide access to out-of-court
procedures (in the form of the FOS) only where the complainant would usually be eligible to
refer a complaint to the FOS?
6.2 Respondents who answered this question almost unanimously agreed with the
government’s proposal to provide access to out-of-court procedures (in the form of the FOS)
only where the complainant would usually be eligible to refer a complaint to the FOS.
Further comments
6.3 Some respondents also noted that this would lead to micro-enterprises having greater
protections than other small businesses (who are not currently eligible to refer a complaint to
the FOS), while another asked for clarity on the treatment of disputes where a micro-enterprise
is also a Third Party Provider (TPP – a collective term for Account Information Service Providers
(AISPs) and Payment Information Service Providers (PISPs)).
Government response
6.4 In line with the majority of responses to the consultation, the government intends to
continue to limit access to the FOS to those complainants who would usually be eligible to refer
a complaint to the FOS, including those consumers who use a registered Account Information
Service Provider (rAISP).
6.5 Industry also raised points regarding the disparate treatment of micro-enterprises and small
businesses. This forms part of a broader discussion regarding the FCA’s ongoing work on small
and medium-sized enterprises access to alternative dispute resolution (ADR) mechanisms.
6.6 Since the consultation, industry has also enquired as to whether they have a broader
requirement to provide an option for ADR for all customers, including corporates. The
government can clarify that, where there is a dispute regarding an element of Titles III or IV, the
PSP needs to notify the complainant of a source of ADR, where they use ADR services.
Q15. Do you agree that the prohibition on surcharging should be limited to payment
instruments regulated under Chapter II of the Interchange Fee Regulations (IFRs)?
6.7 A number of respondents, principally merchants and their representatives, either thought
that there should be no surcharging ban (which is not an option under the PSDII) or that the
ban should not be extended further. Their objections to the ban stemmed from the restrictions
that it places on being able to pass costs on to the consumer.
6.8 Some respondents who thought there should be no surcharging ban, but who understood
that this was not an option under the PSDII, argued that a second-best outcome was extending
the ban to all payment instruments.
6.9 Those respondents who argued strongly in favour of extending the prohibition to all payment
instruments did so on the grounds that it would increase competition by providing a level playing
field for all. Some also cited that the current negative experience of surcharging for users was a
18
reason for a wider prohibition, and that a prohibition on surcharging for all payment instruments
would be more enforceable than a partial ban, helping to protect consumers.
Further comments
6.10 A number of respondents also stated a desire to see more transparency around the
calculation of surcharges, with one respondent suggesting that merchant acquirers should be
required to publish online how surcharges are calculated.
6.11 One respondent noted the interaction with interchange fees, and that they are facing
significantly higher costs for processing debit cards regulated under the Interchange Fee
Regulation (where the PSDII mandates a surcharging prohibition).
Government response
6.12 The government welcomes the views of respondents, and has also engaged with the PSR
and the Competition and Markets Authority in assessing how best to regulate the practice
of surcharging.
6.13 Taking into account the range of views received through the consultation, the government
has decided to extend the surcharging ban to all retail payment instruments. This will create a
level playing field between payment instruments and create a much clearer picture for
consumers in which they know the full price of the product/service they are purchasing upfront
and confident that there will be no additional charges when they come to pay for any payment
instrument they choose to use. A blanket ban on surcharging for all retail payment instruments
will also be much easier to enforce than the current position in which merchants are able to
pass on costs (but the consumer has no easy way of assessing what these are).
6.14 The government does not however intend to extend the surcharging ban to commercial
payment instruments, as these are not in competition with retail payment instruments.
6.15 The government recognises that, in some instances, interchange fees have increased since
the Interchange Fees Regulation came into force. Given interchange fees generally represent a
large proportion of the merchant service charge, we will engage with industry on this topic in
the coming months to assess the scale of the problem.
19
7
Account Information Services and Payment Initiation Services
7.1 This chapter of the consultation invited views on the new regulatory regime for Account
Information Services Providers (AISPs) and Payment Initiation Services Providers (PISPs),
collectively referred to as Third Party Providers (TPPs). This regime will apply from 13 January
2018. This chapter asked a range of questions on the proposed functionality and definitions of
these services, and asked a broad question requesting respondents’ comments on the initial
period of implementation before firms have to comply with the Regulatory Technical Standards
(RTS) produced by the European Banking Authority (EBA).
7.2 One theme running throughout responses to questions 17, 18, 21 and 22 was the inter-
relationship between the PSDII and Open Banking, and concerns around the transitional period
before the EBA RTS comes into effect.
The transitional period
7.3 A number of respondents raised concerns regarding the transitional period after the PSDII
applies (13 January 2018) but before the EBA RTS comes into effect. These respondents wanted
to ensure that this didn’t introduce security risks into the market, or negatively impact
competition by resulting in Account Servicing Payment Service Providers (ASPSPs) complying
with the access requirements in different ways.
Open Banking
7.4 Many respondents also noted the close interaction between the PSDII and Open Banking.
While respondents largely favoured Open Banking APIs as the best access method for TPPs,
some respondents questioned whether the PSDII and Open Banking would align in terms of
scope (many respondents thought Open Banking APIs should cover all payment accounts) and
timing, and if not whether they would need to support both approaches simultaneously.
Respondents also questioned whether the Open Banking APIs would align with the EBA RTS.
Government response
The transitional period
7.5 The government recognises the concerns of industry regarding the transitional period, and
has worked with the FCA and industry to understand the issues facing market participants.
7.6 The government can confirm that, from 13 January 2018, ASPSPs will have to allow access
to payment accounts for all registered or authorised TPPs, unless they have an objective reason
(such as fraud) to deny access. The FCA sets out further detail on blocking TPPs for fraud in their
draft Approach Document. ASPSPs will not have to provide access to unregulated or
unauthorised TPPs.
7.7 Prior to the RTS coming into effect, registered or authorised TPPs will be able to access
consumers’ accounts directly by utilising their login details (commonly known as ‘screen-
scraping’), or via Application Programming Interfaces (APIs) such as those designed to the Open
20
Banking Standard. This is in line with the PSDII, which states that all registered or authorised
TPPs must be able to access accounts.
Open Banking
7.8 The government’s expectation is that the Open Banking directory and standard APIs will
start to be available to TPPs for the majority of UK consumers’ current accounts from 13 January
2018. The government is of the view that this access route offers a more secure and stable
interface for ASPSPs, while also creating a more competitive ecosystem for TPPs by lowering the
barriers to entry. The government therefore strongly encourages TPPs to use these APIs where
they are available, other ASPSPs to use the Open Banking standard APIs for their payment
accounts, and the Open Banking Implementation Entity to broaden the scope of Open Banking
to the full PSDII product suite in due course.
The live market
7.9 Since the consultation, the government has received a number of enquiries from industry
regarding the status of the ‘live-market’ (firms already in operation), and its ability to continue
outside of regulation from 13 January 3018 until the RTS comes into force.
7.10 The government can confirm that, in line with the text of the PSDII, TPPs operating before
12 January 2016 can continue to perform the same activities outside of regulation from 13
January 2018, but only until that point at which the RTS come into effect. It is important to note
however that where a TPP continues to operate outside of regulation, it does not have a right of
access. If TPPs wish to benefit from the right of access that the PSDII brings they will need to get
registered or authorised with the FCA.
7.11 All new TPPs or those established on or after 12 January 2016 will need to be registered or
authorised to operate from 13 January 2018.
7.12 We also understand that access to the Open Banking directory (and therefore access to
Open Banking Standard APIs) will be dependent upon registration or authorisation with the FCA
or another EEA Competent Authority.
7.13 All firms will require Professional Indemnity Insurance (PII) to become registered or
authorised. The government is aware of the concerns of some TPPs that there may not be PII
available, and is engaging with TPPs and insurers on this issue.
Further comments
7.14 Respondents also highlighted the need for alignment and compliance with the General
Data Protection Regulation (GDPR), and raised the need for clarity over what constitutes the
definition of ‘sensitive payment data.’
7.15 Several respondents also suggested that the FCA register of TPPs should be updated in real-
time and API-enabled to validate and verify TPPs accessing accounts.
Government response
7.16 The government recognises the need to provide clarity to market participants where the
PSDII overlaps with other pieces of legislation such as GDPR and is working with the FCA and the
Information Commissioner’s Office to ensure a pragmatic approach is taken to aligning the two.
7.17 Sensitive payment data is defined in the directive as “data which can be used to carry out
fraud.” The directive only sets out that, for AIS, the name of the account owner and the account
number do not constitute sensitive payment data. While the starting point is that the payment
account data seen by the customer should be available, it is at the ASPSPs discretion as to the
21
data they consider sensitive enough that it could be used to carry out fraud. The FCA set out
further detail on this in their draft approach document, which will be finalised in due course.
7.18 The government has passed on the feedback regarding the importance of the FCA register
and its capabilities (real-time and API-enabled) to the FCA for consideration.
7.19 Respondents also raised a number of more specific points regarding the questions asked:
Q17. Do you agree with the proposed approach to consent, authentication and communication?
7.20 Some respondents noted that there should be mechanisms to renew or withdraw consent
periodically, and the interaction between authentication and consent where an ASPSP wishes to
satisfy itself that consent has been given.
Government response
7.21 The government intends to maintain its proposed approach to consent, authentication and
communication for AISPs and PISPs. The FCA’s draft Approach Document sets out further detail
on the withdrawal of consent. The final EBA RTS will set the approach to renewal of consent,
with the current draft suggesting this should be left to individual Payment Service Providers
(PSPs) to decide upon.
Q18. Do you agree with the information and payment functionality that will be available to
AISPs and PISPs?
7.22 The consultation document set out the intention that users will have the right to use AISPs
and PISPs in relation to all online payment accounts and that ASPSPs are expected to provide to
an AISP or PISP access to the same information or functionality respectively regarding a payment
account as is available to the user when accessing their account online.
7.23 The majority of those respondents who answered this question agreed with the
information and payment functionality that will be available to AISPs and PISPs. In particular,
respondents mostly agreed with the types of accounts which the government believes will fall
within the definition of an online payment account, although some questioned how applicable
AISP and PISP services are to credit cards, and requested clarity over whether gift card providers
are expected to provide access to TPPs.
7.24 Some respondents disagreed with the proposed approach to direct debits (a TPP is not able
to establish a direct debit mandate unless this is already possible from their online account) and
thought that it should be possible for TPPs to establish direct debit mandates.
Government response
7.25 The government intends to maintain the approach set out in the consultation document,
regarding the accounts in scope of the AISP/PISP regime (namely access must be provided to all
online payment accounts). Again, in line with what the government set out in the consultation
document, ASPSPs will only be expected to provide equivalent access to that available online to
customers. Therefore if consumers cannot initiate a payment from their online credit card
account, PISPs cannot initiate a payment either (and therefore have no right of access). Equally if
there is no online account available (as is the case for many gift cards) there is no requirement
for access to be provided.
7.26 The government recognises the demand from some TPPs to be able to establish (and
terminate) direct debits. The government maintains its view that direct debits are out of scope of
payment initiation services unless this facility already exists within a user’s online payment
22
account. The PSDII definition of payment initiation also does not extend to cancelling or
amending existing direct debits or standing orders.
Q19. Do you agree with the government’s interpretation of the definition of AIS and PIS?
Q20. What services are currently provided that you think may be brought into scope of the PSDII
by the broad reading of the definition of AIS and PIS?
7.27 The majority of respondents agreed with the government’s interpretation of the definition
of AIS and PIS. A number of respondents were however of the opinion that the definitions are
too broad and would capture services that in their view should not be in scope, such as banks’
corporate functions; price comparison websites; accountants; financial advisors; legal firms; and
Credit Reference Agencies (CRAs). Many of these services are currently provided via a contractual
relationship between service providers, users, and ASPSPs, often referred to as Third Party
Mandates (TPMs).
7.28 Clarity was also requested regarding scenarios where a third party accesses data provided
by another third party which it has gathered from an ASPSP, and whether such a model would
be in scope of regulation.
Government response
7.29 The government intends to maintain its current broad interpretation of the definition of an
AIS and PIS as set out in the consultation document, but recognises the concerns of some
respondents around accidentally capturing other services. Regarding specific access routes for
AIS/PIS services, the government:
is aware that the Commission is examining the question of whether certain
corporate systems, such as those operated by SWIFT and host-to-host services,
should be exempt from the scope of the AIS & PIS regimes
does not intend to explicitly carve TPMs out of the definition of AIS/PIS services, as
they could be used as an access route for TPPs providing services which should be in
scope. It is the services that the firm in question is providing that need to be
registered or authorised, independent of the access route. The government however
does recognise respondents’ concerns, and notes that many uses of these mandates
are likely to be outside of the scope of the PSDII. Examples could include power of
attorney, where the services are unlikely to be undertaken ‘in the course of business’
7.30 Regarding which TPP needs to be authorised if there is more than one, the general rule is
that the TPP which the customer has a contractual relationship with for accessing their account
is the TPP which needs to be registered or authorised.
7.31 TPPs must consider whether they are providing other regulated financial services as they may
need to be registered or authorised under other regulations. All parties must handle customers’
data in line with data protection legislation and GDPR once it applies from May 2018.
7.32 The FCA will assess individual business models on a case-by-case basis, and the government
encourages firms to engage with the FCA if they think that their business model could fall within
the regulatory perimeter.
Q21. Do you agree with this description of the rights and obligations for ASPSPs, AISPs, and PISPs?
7.33 Various respondents raised concerns regarding liability for ASPSPs where they have to
refund users for unauthorised payments immediately and then – if relevant – seek compensation
23
from a PISP that is liable. Several respondents highlighted the need for fair and impartial
arbitration between ASPSPs and PISPs in these instances.
7.34 Some respondents were also keen to ensure that ASPSPs do not look to overly restrict
access to perform maintenance or in the event of system failures and questioned how regulators
could ensure this does not happen.
Government response
7.35 The government recognises the concerns of ASPSPs who are seeking compensation from a
PISP (where the PISP is liable) and can confirm that ASPSPs will have a right of action against
PISPs in the event they breach their regulatory obligation to refund an ASPSP for an
unauthorised transaction. However, we would also encourage industry to develop a voluntary
solution to better address this issue for all parties involved.
7.36 The directive does not explicitly provide for ASPSPs to restrict access where they are
performing maintenance or in the event of system failures. The RTS does, and as such, from when
the RTS comes into force, we expect any such event to be completed/repaired without undue
delay. We expect the RTS will also require firms to provide notice of maintenance to the FCA.
Q22. Do you have any comments on the initial period of implementation, before the EBA RTSs
are fully in force?
7.37 Responses to this question have been discussed as part of the introduction to this chapter.
25
8 Respondents to the consultation
118 118
ABCUL
ABTA
Accenture
AIME
AirPlus International
AITO
American Express
Apple
Association of Independent Risk and Fraud Advisors
ATOL
Association of UK Payment Institutions
Barclays
Boku
BRC
British Airways
BSA
CallCredit
C&CCC
CGI
Cifas
Circle
EA Change Group
EMA
EML
Experian
Fast Encash
Faster Payments
26
FDATA
Figo
Financial Services Consumer Panel
First Data
Flex-e-card
Folk2Folk
FSCom
Funding Circle
GVS Prepaid
Hogan Lovells
ICAEW
ICO
Icon Solutions
IG Group
Irish League of Credit Unions
Jumio
Just Eat
Keystone Law
Lloyds Banking Group
Lufthansa
MasterCard
Mk2 Consulting Ltd.
Mobile UK
Modulr
Moneygram
NAMA
Nationwide
Netsize
New Change FX
Open Banking
PayM
Payments UK
27
PayPal
Paysafe
Pinsent Masons
Prepaid International Forum
PSA
Putney Travel
RBS
Tandem
Tech UK
The Number
Tibit Limited
Tink
Token
TransferWise
Transpact
Transparency Taskforce
Trustly
UKCTA
UK Gift Card and Voucher Association
Virgin Money
Visa
Vodafone
Western Union
WEx
Which?
World First
WorldPay
Yodlee
HM Treasury contacts
This document can be downloaded from www.gov.uk
If you require this information in an alternative format or have general enquiries about HM Treasury and its work, contact:
Correspondence Team HM Treasury 1 Horse Guards Road London SW1A 2HQ
Tel: 020 7270 5000
Email: [email protected]